Riskwatch Implementation

Where to Start?

RiskWatch products are Software as a Service, cloud-based solutions that are purchased right here on our website following the four simple steps below.

Step 1

Free Trial

 

Try our software free for 14 days. No payment information is required. Once the trial period is over, extend your use by purchasing licenses based on the number of users or the number of areas you will be assessing.

 

 

 

Step 2

Purchase Licenses

 

How Many Users? Our Pricing is based on how many user accounts you will have or how many areas you will be assessing. Each User or Area to be assessed requires 1 license. We provide packages based on your needs. Essentials is for a single license, Standard for up to 10 licenses, and Enterprise for up to 20 Licenses.

Step 3

Select Content

 

Users and Areas of assessment. Once user accounts and the areas to be assessed are created, you can create/begin assessments. Do a preliminary assessment to see where risk lies and then do detailed assessments (Enterprise only) on high-risk locations.

 

 

Step 4

Configure and Assess

 

Users and assets. Once user accounts and assets are created, you can create/begin assessments. Do a preliminary assessment to see where risk lies and then do detailed assessments on high-risk locations.

 

 

 

RiskWatch Workflow

Stage 1 - Relevant asset or scope data (Organizational information, Criticality, Consequence, Threat Level, & Evaluation Criterial) is identified and entered into the RiskWatch application.

Stage 2 – Personnel that have the required knowledge of the organization’s processes, policies, and/or controls are identified and designated as Contacts in the application.

Stage 3 – Surveys access is distributed by the application via email to the Contacts identified in Stage 2 to evaluate the processes, policies, and or controls in place.

Stage 4 – Assessment is ready for analysis. Risk Scores are calculated based on Criticality, Consequence and Threat level from Stage 1 and a Gap Score based on the Survey results from Stage 3.

Stage 5 - Gaps are identified based on the survey results. Gap mitigation recommendations are given by the application Administrator.

Stage 6 – Remediation Tasks based on the Administrator’s recommendations (and/or recommendations provided by the Contacts) are assigned by the Administrator and managed by the application.

Stage 7 – Final Report is Generated by the application for review by Upper Management or Auditors.

RiskWatch product workflow.

If You Need Assistance with Implementation

After purchasing a RiskWatch product, you may decide you would like some assistance implementing the solution into your current risk management or compliance program. Your success is our number one priority. RiskWatch offers support packages for every client’s unique needs. We can help you adapt and customize your RiskWatch product to make it seamlessly integrate with your current process by offering:

User
Training
Technical
Support
Custom
Content
New Feature
Requests
Advice and
Suggestions

Your Content

 

One of the most important components of a RiskWatch product is the assessment content, metrics, and criteria. You will need to select question sets from our content library based on what you are assessing. Is it regulatory or industry compliance, enterprise risk, or supplier risk? Do you want to assess your organization’s security profile to standardized best practices? Maybe you want to assess each department or business unit’s compliance to your organization’s policies?

 

Each of these unique assessment types leverages survey questions from the RiskWatch content library. When you initiate your subscription, you will be asked to select the question sets that you will need to complete your assessments.

Survey Content Libraries

Adaptable to all industries

Comprehensive Survey Library

We offer 35 content libraries to suit your industry and generate your survey questions.

HIPPA

ISO 27001

SOX

PCI DSS

DSS

Upload Your Own Survey Content

Using the upload template, you can add questions to the survey module that currently do not exist in the software. These can be from government regulations, industry standards, best practices, or your own policies. These can be easily added using your product’s bulk upload process where you simply fill in the details of your assessment questions into a spreadsheet template that is generated by the software. Then upload the file back into your RiskWatch platform.

 

Each question can be weighted so some can have a greater impact on your risk/compliance score than others. For example, your question asking if a facility has a perimeter fence may be weighted higher than your question asking if there is barbed wire at the top of the fence.

 

Questions are also mapped to vulnerabilities allowing you to determine where you where you are most vulnerable.

 

Using the Survey Roles and Facility Type filtering within the questions, you will be able to ensure that personnel only receive survey questions that are relevant to them and they are qualified to answer.

 

You can also customize the response types for each question. Standard responses include, yes/no, 1-10, control maturity level, text, file upload, and diary/journal response. Add your own custom forms and multiple choice response types.

 

Use the Control Standard field to give the survey respondent more clarity as to why the question is being asked, or give additional information about the regulation/standard/policy that the question refers to.

Reduce exposure to liability. Manage risk. Monitor and maintain security.

Track continuous improvement. Sign up for instant access to a free trial.

Professional email address to activate trial

Hosting

 

RiskWatch products are a hosted solution on the web. The main objective of these tools are to save time and energy utilizing the power of internet to consolidate data from all the departments or resources working from different locations of the globe.

 

RiskWatch products are typically hosted on RiskWatch’s secure servers. They may also be hosted on your organization’s intranet infrastructure. For information regarding self-hosting RiskWatch products, contact RiskWatch support. If hosted in an intranet, they need access to an exchange server or an email server to send email notifications to their users.

Security

 

Data between the customer’s browser and our server is encrypted using AES 256bit encryption. All information contained in the database has AES-256 encryption and PBE with MD5 & Triple DES, to which RiskWatch International controls the encryption key.This database is also backed up daily and sent to an offsite location in Amazon S3 where it is re-encrypted and stored for Disaster Recovery and Business Continuity.

 

Access to the software is password protected. You can configure password complexity requirements, expiration, max number of failed login attempts, and session length.